Is ntop/utils/rrd-alarm an ongoing project? []s.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luca Deri
Sent: Wednesday, February 14, 2007 06:04
To: [email protected]
Subject: Re: [Ntop] Automated actions? Was: filter expression question [newbie]

Gary,
the only way (as of today) to produce alarms is through an external tool, ntop/utils/rrd-alarm, or using tools like nagios and, through the nagios rrd-plugin, setting thresholds on ntop-generated rrds. If you're interested, I would appreciate it if you want to contribute in this area of ntop development.

Cheers, Luca

Gary Gatten wrote:
> To my knowledge nTop does NOT have any sort of notification engine built
> in - correct? So, if you want an automated action of some sort, such as
> an email, that would require custom code, right?
>
> I noticed the SNMP plugin but have not looked at it. If the MIB is
> detailed enough, you could monitor the nTop data with an SNMP manager
> and use the SNMP manager to send events when a given threshold or policy
> is violated.
>
> One simple (I assume) automated action would be the host flags. If the
> code is already there to detect traffic on odd ports and high numbers of
> connections, then it "should" be pretty easy to launch an external
> process (email?) in addition to setting the host flag status?
>
> Gary
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Luca Deri
> Sent: Tuesday, February 13, 2007 2:27 AM
> To: [email protected]
> Subject: Re: [Ntop] filter expression question [newbie]
>
> Gene,
> ntop accepts BPF filters (do man tcpdump)
>
> Regards, Luca
>
> Gene Anderson wrote:
>> Good day. I'm new to using ntop and have been using it to monitor some
>> site uplinks - very handy tool. I am hoping to find out if ntop can send
>> email alerts if specific traffic is detected, like say a port scan or if a
>> client is doing a massive DoS attack, etc.
>>
>> So I tried adding:
>>
>> -B "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>>
>> and
>>
>> --filter-expression "icmp ping-flood ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90"
>>
>> and neither expression works in my /etc/ntop.conf config file. I'm new to
>> using Linux and even newer still to stuff like ntop and I know enough to
>> be dangerous. So I'm not sure what I'm doing wrong. Can someone please
>> point out what I'm sure is obvious and tell me what I'm doing wrong in
>> trying to have ntop filter expressions? TIA.
>>
>> Gene Anderson
>> Computer Technician, Microsoft Certified Professional
>> Pembina Hills Regional Division No.7
>> Phone: (780) 674-8535 ext 6860
>> email: [EMAIL PROTECTED]
>>
>> "Passwords are like bubble gum, strongest when fresh, should never be
>> used by groups and create a sticky mess when left laying around"
>>
>> -anon
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Luca Deri <[EMAIL PROTECTED]>
http://luca.ntop.org/
skype://lucaderi/
Don't be encumbered by past history. Go off and do something wonderful - Robert Noyce
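The thread establishes that ntop itself only takes BPF capture filters and that alarms have to come from an external tool (rrd-alarm, nagios). As an added example, not code from ntop, rrd-alarm or nagios, the following implements the rule Gene tried to express as an external check over a stream of captured packet events; reading `pktcount` as a count, `unit` as a window in seconds and `rearm` as a quiet period after an alarm is this example's assumption, as is the event tuple format.

```python
"""Sliding-window packet threshold with rearm, run outside ntop.

Interprets the requested rule
    ICMP_ECHO any/any pktcount > 30 unit 10 action alarm rearm 90
as: alarm when more than 30 ICMP echo requests arrive within any
10-second window, then suppress further alarms for 90 seconds.
(Field semantics are assumed for this example, not taken from ntop.)
"""
from collections import deque


class ThresholdAlarm:
    def __init__(self, pktcount=30, unit=10.0, rearm=90.0):
        self.pktcount = pktcount      # alarm when window holds more than this
        self.unit = unit              # window length in seconds
        self.rearm = rearm            # quiet period after an alarm fires
        self.window = deque()         # timestamps of matching packets
        self.armed_at = 0.0           # alarm may fire again once ts >= armed_at

    def observe(self, ts):
        """Record one matching packet at time ts; return True if the alarm fires."""
        self.window.append(ts)
        # Drop packets that fell out of the trailing window.
        while self.window and ts - self.window[0] > self.unit:
            self.window.popleft()
        if len(self.window) > self.pktcount and ts >= self.armed_at:
            self.armed_at = ts + self.rearm
            self.window.clear()       # count afresh after an alarm
            return True
        return False


def run(events, **kw):
    """Feed (ts, proto, icmp_type) tuples; return timestamps at which the alarm fired."""
    alarm = ThresholdAlarm(**kw)
    return [ts for ts, proto, icmp_type in events
            if proto == "icmp" and icmp_type == 8    # echo request only
            and alarm.observe(ts)]


def sample_events():
    """Constructed sample traffic (not a real capture)."""
    ev = [(i / 10, "icmp", 8) for i in range(31)]            # burst 1: fires at t=3.0
    ev += [(20 + i / 10, "icmp", 8) for i in range(31)]      # burst 2: inside rearm, suppressed
    ev += [(50 + i / 10, "icmp", 0) for i in range(40)]      # echo replies: never matched
    ev += [(100 + i / 10, "icmp", 8) for i in range(31)]     # burst 3: rearmed, fires at t=103.0
    return ev


if __name__ == "__main__":
    print(run(sample_events()))  # [3.0, 103.0]
```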
